3 Things Investors Must Know When Handling Personally Identifiable Information “PII”

Companies have an ethical and legal obligation to protect the personally identifiable information (PII) of their customers and employees. PII is any data that can be used to identify a specific individual, such as their name, social security number, or financial information. The use and handling of PII is regulated by various laws, such as the General Data Protection Regulation (GDPR) in the European Union and the California Consumer Privacy Act (CCPA) in the United States.

The origins of PII protocols can be traced back to the 1970s, when concerns about consumer privacy and the potential misuse of personal data first emerged. In the United States, the Fair Credit Reporting Act (FCRA) was enacted in 1970 to regulate the collection, use and dissemination of consumer credit information. The FCRA was later amended by the Gramm-Leach-Bliley Act (GLBA) in 1999, which added additional requirements for financial institutions to protect the confidentiality of customer information.

The GDPR, which went into effect in 2018, significantly strengthened data protection laws in the European Union. The GDPR applies to any company that processes the personal data of EU citizens, regardless of the company’s location. It gives individuals the right to access their personal data, the right to be forgotten and the right to data portability, among other rights.

In the United States, the CCPA came into effect in 2020, and it has similar provisions to the GDPR. It grants California residents the right to know what personal information a company has collected about them, the right to delete that information, and the right to opt out of the sale of their personal information.

To ensure compliance with PII regulations, companies should have a clear and comprehensive privacy policy in place. This policy should detail what personal information is collected, why it is collected, how it is used, and how it is protected. Companies should also provide notice to individuals before collecting their personal information and obtain their consent if necessary.

In addition to having a strong privacy policy, companies should implement technical and organizational measures to protect personal information. This includes encrypting data, regularly updating security software and limiting access to personal information to only those who need it for their job duties.

As a marketer, your research may go far beyond skip tracing. You may build out customer personas that you then populate with prospects’ actual information. If the data you obtain includes PII, you are subject to the regulations and protocols noted above. Be sure to incorporate the appropriate security measures to ensure your business does not violate the rules or the trust of the prospects you hope to serve.